Add support for all private addresses defined in the "RFC 1918" standard. This fixes the issue of some "shutdownService" requests being discarded because they came from other local private addresses when the Controller was running inside a docker container.
parent
c37f157f51
commit
88a74b2c41
|
@ -13,6 +13,7 @@ import org.springframework.web.client.RestTemplate;
|
|||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import java.net.ConnectException;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
|
||||
@Service
|
||||
|
@ -21,6 +22,9 @@ public class ShutdownServiceImpl implements ShutdownService {
|
|||
|
||||
private static final Logger logger = LoggerFactory.getLogger(ShutdownServiceImpl.class);
|
||||
|
||||
// Private Addresses, according to RFC 1918: https://www.rfc-editor.org/rfc/rfc1918
|
||||
private static final Pattern PRIVATE_IP_ADDRESSES_RFC_1918 = Pattern.compile("(?:10.|172.(?:1[6-9]|2[0-9]|3[0-1])|192.168.)[0-9.]+");
|
||||
|
||||
|
||||
public ResponseEntity<?> passSecurityChecks(HttpServletRequest request, String initMsg)
|
||||
{
|
||||
|
@ -31,8 +35,8 @@ public class ShutdownServiceImpl implements ShutdownService {
|
|||
String remoteAddr = GenericUtils.getRequestorAddress(request);
|
||||
|
||||
// In case the Controller is running inside a docker container, and we want to send the "shutdownServiceRequest" from the terminal (with curl), without entering inside the container,
|
||||
// then the request will appear coming from a local IP (192.168.X.Y), instead of localhost.
|
||||
if ( ! (remoteAddr.equals("127.0.0.1") || remoteAddr.startsWith("192.168.") || remoteAddr.equals(UriBuilder.ip) ) ) {
|
||||
// then the request will appear coming from a local (private) IP, instead of localhost.
|
||||
if ( ! (remoteAddr.equals("127.0.0.1") || remoteAddr.equals(UriBuilder.ip) || PRIVATE_IP_ADDRESSES_RFC_1918.matcher(remoteAddr).matches()) ) {
|
||||
logger.error(initMsg + "The request came from another IP: " + remoteAddr + " | while the Controller has the IP: " + UriBuilder.ip);
|
||||
return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
|
||||
}
|
||||
|
|
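Review bot: The dots in `PRIVATE_IP_ADDRESSES_RFC_1918` are unescaped and the 172 branch has no separator after the second octet, so the pattern accepts more than the RFC 1918 ranges: non-private addresses such as 100.64.0.1 or 172.160.0.1 pass `matches()` and would be let through the shutdown check in `passSecurityChecks`. Escape the dots and require one after each prefix, `Pattern.compile("(?:10\\.|172\\.(?:1[6-9]|2[0-9]|3[01])\\.|192\\.168\\.)[0-9.]+")`, or parse the address with `InetAddress` and test `isSiteLocalAddress()` instead of matching text. The check also trusts whatever `GenericUtils.getRequestorAddress(request)` returns; that helper is not shown here, so if it reads a forwarded-for header the value should only be honoured when it comes from a known proxy. The body of `passSecurityChecks` continues outside the hunk.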